OAuth2 Applications Resource¶
Added in 3.0
Manage OAuth2 applications.
Details¶
| Name | oauth_app |
| URI | /api/oauth-apps/{app_id}/ |
| Token Policy ID | oauth_app |
| HTTP Methods | |
| Parent Resource | |
| Child Resources | None |
Fields¶
authorization_grant_typeOne of authorization-code, client-credentials, implicit, password |
How the authorization is granted to the application. This will be one of authorization-code, client-credentials, implicit, or password. |
| client_idString | The client ID. This will be used by your application to identify itself to Review Board. |
| client_secretString | The client secret. This should only be known to Review Board and the application. |
client_typeOne of confidential, public |
The type of client. Confidential clients must be able to keep user password secure. This will be one of confidential or public. |
| enabledBoolean | Whether or not this application is enabled. If disabled, authentication and API access will not be available for clients using this application. |
| extra_dataDictionary | Extra information associated with the application. |
| idInteger | The application ID. This uniquely identifies the application when communicating with the Web API. |
| nameString | The application name. |
| redirect_urisList of String | The list of allowed URIs to redirect to. |
| skip_authorizationBoolean | Whether or not users will be prompted for authentication. This field is only editable by administrators. |
| userUser Resource | The user who created the application. |
Links¶
Name |
Method |
Resource |
|---|---|---|
| delete | DELETE |
|
| self | GET |
|
| update | PUT |
HTTP DELETE¶
Delete the OAuth2 application.
After a successful delete, this will return HTTP 204 No Content.
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
HTTP GET¶
Return information on a particular OAuth2 application.
The client’s logged in user must either own the app in question or be an administrator.
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
HTTP PUT¶
Update an OAuth2 application.
Extra data can be stored later lookup. See Storing/Accessing Extra Data for more information.
Request Parameters¶
authorization_grant_typeOne of authorization-code, client-credentials, implicit, password |
How authorization is granted to the application. |
client_typeOne of confidential, public |
The client type. Confidential clients must be able to keep user passwords secure. |
| enabledBoolean | Whether or not the application will be enabled. If disabled, authentication and API access will not be available for clients using this application. Defaults to true when creating a new Application. |
| nameString | The application name. |
| redirect_urisString | A comma-separated list of allowed URIs to redirect to. |
| regenerate_client_secretBoolean | The identifier of the LocalSite to re-assign this Application to. The Application will be limited to users belonging to that Local Site and will only be editable via the API for that LocalSite. If this is set to the empty string, the Application will become unassigned from all Local Sites and will be available globally. |
| skip_authorizationBoolean | Whether or not users will be prompted for authentication. |
| userString | The user who owns the application. This field is only available to super users. |
Errors¶
| 100 - Does Not ExistHTTP 404 - Not Found | Object does not exist |
| 101 - Permission DeniedHTTP 403 - Forbidden | You don’t have permission for this |
| 103 - Not Logged InHTTP 401 - Unauthorized | You are not logged in |
| 105 - Invalid Form DataHTTP 400 - Bad Request | One or more fields had errors |
| 112 - OAuth2 Missing Scope ErrorHTTP 403 - Forbidden | Your OAuth2 token lacks the necessary scopes for this request. |
| 113 - OAuth2 Access Denied ErrorHTTP 403 - Forbidden | OAuth2 token access for this resource is prohibited. |
Examples¶
application/vnd.reviewboard.org.oauth-app+json¶
$ curl https://reviews.example.com/api/oauth-apps/1/ -H "Accept: application/json"
HTTP 200 OK
Content-Length: 813
Content-Type: application/vnd.reviewboard.org.oauth-app+json
ETag: 5b8be166e011ccca817cf621d53fdb75863d9d72
Vary: Accept, Cookie
X-Content-Type-Options: nosniff
{
"oauth_app": {
"authorization_grant_type": "client-credentials",
"client_id": "awesome-app",
"client_secret": "ILWUl0tzMvDhBZZVnmtIRzL0vJPIaUMJykBXSfnjBAGOo0L1tk1yEv0akpuovA9vI5heXdrEDzHJny4S98XIvoMzh6Zx8Fr4g1aOZ22i6RNrO56Ja23X09xAETA3mUqK",
"client_type": "public",
"enabled": true,
"extra_data": {},
"id": 1,
"links": {
"delete": {
"href": "https://reviews.example.com/api/oauth-apps/1/",
"method": "DELETE"
},
"self": {
"href": "https://reviews.example.com/api/oauth-apps/1/",
"method": "GET"
},
"update": {
"href": "https://reviews.example.com/api/oauth-apps/1/",
"method": "PUT"
},
"user": {
"href": "https://reviews.example.com/api/users/doc/",
"method": "GET",
"title": "doc"
}
},
"name": "Awesome App",
"redirect_uris": [
"https://awesomeapp.example.com/oauth-redirect/"
],
"skip_authorization": false
},
"stat": "ok"
}